BUG #13467: Latest Openssl library forces Postgres to Close Connections

Started by Brian Ceccarelli, almost 11 years ago, 2 messages, bugs
#1 Brian Ceccarelli
bceccarelli@net32.com

The following bug has been logged on the website:

Bug reference: 13467
Logged by: Brian Ceccarelli
Email address: bceccarelli@net32.com
PostgreSQL version: 9.4.1
Operating system: Red Hat Enterprise Linux 7.1
Description:

Red Hat, as part of their normal updates, released a new version of openssl
which breaks Postgres communication.

When I load a dump, psql will fail in the middle of loading a 2 GB
database.

OpenSSL release 1.0.1e 52.el7_1.8 and release 1.0.1e 30.el7_6.11 force
connections to have DH keys longer than 768 bytes.

The older version (1 week old) OpenSSL release 1.0.1e 52.el7_1.6 and release
1.0.1e 30.el7_6.9 allow 512 byte DH keys. This version works.

I am compiling Postgres from source using with-openssl. When OpenSSL is
enabled, and even though I am not using a secure connection, I get an error
message "SSL closed connection--can't negotiate."

When I disable SSL in any fashion, Postgres still terminates the connection,
but I do not see an error. The communication simply stops and the psql
ends.

Here is what Red Hat is up to:

https://access.redhat.com/errata/RHSA-2015:1072

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Brian Ceccarelli (#1)
Re: BUG #13467: Latest Openssl library forces Postgres to Close Connections

bceccarelli@net32.com writes:

> Red Hat, as part of their normal updates, released a new version of openssl
> which breaks Postgres communication.

https://bugzilla.redhat.com/show_bug.cgi?id=1234487

regards, tom lane
